> From: Liu, Yi L <yi.l.liu@xxxxxxxxx> > Sent: Monday, December 19, 2022 4:47 PM > > VFIO group has historically allowed multi-open of the device FD. This > was made secure because the "open" was executed via an ioctl to the > group FD which is itself only single open. > > No know use of multiple device FDs is known. It is kind of a strange > thing to do because new device FDs can naturally be created via dup(). > > When we implement the new device uAPI there is no natural way to allow > the device itself from being multi-opened in a secure manner. Without > the group FD we cannot prove the security context of the opener. > > Thus, when moving to the new uAPI we block the ability to multi-open > the device. This also makes the cdev path exclusive with group path. also highlight that the new scheme needs to sustain both the legacy behavior i.e. multi-open in the group path and the new behavior i.e. single-open in the cdev path. This mixture leads to the introduction of a new single_open flag stored both in vfio_device_file and vfio_device.
